14 Tuning Oracle Traffic Director for Performance

This chapter describes how you can use statistical data about Oracle Traffic Director instances and virtual servers to identify potential performance bottlenecks. It also describes configuration changes that you can make to improve Oracle Traffic Director performance.

Note:

Oracle Java Cloud Service tunes Oracle Traffic Director for performance when you create an Oracle Java Cloud Service instance with a load balancer or add a load balancer to an Oracle Java Cloud Service instance. No additional tuning of Oracle Traffic Director software in an Oracle Java Cloud Service instance should be required.

General Tuning Guidelines

The outcome of the tuning suggestions provided in this chapter might vary depending on your specific environment. When deciding the tuning parameters that are suitable for your needs, keep the following guidelines in mind:

Adjust one parameter at a time

To the extent possible, make one adjustment at a time. Measure the performance before and after each change, and revert any change that does not result in measurable improvement.

Establish test cases that you can use to create a performance benchmark

Before changing any parameter, set up test cases, and automate them if possible, to test the effect of the changes on performance.

Tune gradually

When adjusting a quantitative parameter, make changes in small increments. This approach is most likely to help you identify the optimal setting quickly.

Start afresh after a hardware or software change

At each major system change, a hardware or software upgrade, for example, verify whether the previous tuning changes still apply.

Tuning the File Descriptor Limit

The operating system uses file descriptors to handle file-system files as well as pseudo files, such as connections and listener sockets.

When an Oracle Traffic Director instance starts, the following parameters are taken into consideration when auto-configuring values related to file descriptors:

HTTP processing threads (<thread-pool>)

Access log counts for all virtual servers (<access-log>)

Listeners (<http-listener>, <tcp-listener>)

Keep-alive connections (<keep-alive>)

Number of origin server pools (<origin-server-pool>)

Number of origin servers (<origin-server>)

Origin server connections (<origin-server>/<max-connections>)

TCP processing threads (<tcp-thread-pool>)

The key Oracle Traffic Director objects that require file descriptors are keep-alive connections, queued connections, and connections to origin servers. If you do not explicitly specify limits for these objects, then when the Oracle Traffic Director instance starts, it configures the limits—maximum keep-alive connections, connection queue size, and maximum connections for each origin server—automatically based on the total number of available file descriptors in the system.

When the file descriptor limit is set to a very high value, auto-configuration of unspecified parameters can cause Oracle Traffic Director instances to consume an excessive amount of memory or can result in sub-optimal configurations. To avoid these issues, specify values for these parameters explicitly on systems that have a high file-descriptor limit.

For instance, max-threads * 4 should ideally be less than the maximum number of file descriptors available to the process. For example, if the file descriptor limit is set to 65536, then setting max-threads to 20000 causes sub-optimal tuning, because 20000 * 4 = 80000 descriptors would be exhausted or reserved for the worker threads, leaving few for other subsystems. Set a high value for max-threads only after experimentation; having tens of thousands of threads in a process can hurt performance.
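The arithmetic behind this rule of thumb can be checked with a quick shell sketch (the descriptor limit and thread count are the hypothetical values from the example above):

```shell
fd_limit=65536                 # hypothetical per-process file descriptor limit
max_threads=20000              # hypothetical thread-pool max-threads setting
reserved=$((max_threads * 4))  # descriptors reserved for the worker threads
echo "reserved $reserved of $fd_limit available descriptors"
# A safer upper bound for max-threads under this limit (about 1/5th):
echo "suggested max-threads <= $((fd_limit / 5))"
```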

The number of allocated file descriptors cannot exceed the limit that the system can support. To find out the current system limit for file descriptors, run the following command:

$ cat /proc/sys/fs/file-max
2048

To find out how many of the available file descriptors are being currently used, run the following command:

$ cat /proc/sys/fs/file-nr

The command returns an output that resembles the following:

625 52 2048

In this example, 625 is the number of allocated file descriptors, 52 is the number of free allocated file descriptors, and 2048 is the maximum number of file descriptors that the system supports.
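The three fields can also be extracted programmatically; a minimal sketch using awk on a sample line (the numbers are the ones from the example above):

```shell
line="625 52 2048"                            # sample /proc/sys/fs/file-nr output
allocated=$(echo "$line" | awk '{print $1}')  # allocated file descriptors
free_fds=$(echo "$line" | awk '{print $2}')   # free allocated descriptors
max_fds=$(echo "$line" | awk '{print $3}')    # system-wide maximum
# Descriptors actually in use = allocated - free
echo "in use: $((allocated - free_fds)) of $max_fds"
```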

Note:

In Solaris, system wide file descriptors in use can be found by using the following command:

# echo ::kmastat | mdb -k | grep file_cache

This command returns an output that resembles the following:

file_cache 56 1154 1305 73728B 659529 0

In this example, 1154 is the number of file descriptors in use and 1305 is the number of allocated file descriptors. Note that in Solaris, there is no maximum open file descriptors setting; descriptors are allocated on demand as long as free RAM is available.

When the number of allocated file descriptors reaches the limit for the system, attempts to open additional files fail, and an error message is displayed on the system console.

This is a serious problem, indicating that the system is unable to open any more files. To avoid it, consider increasing the file descriptor limit to a reasonable number.

To change the number of file descriptors in Linux, do the following as the root user:

Edit the following line in the /etc/sysctl.conf file:

fs.file-max = value

value is the new file descriptor limit that you want to set.

Apply the change by running the following command:

# /sbin/sysctl -p

Note:

In Solaris, change the value of rlim_fd_max in the /etc/system file to specify the "hard" limit on file descriptors that a single process can have open. Overriding this limit requires superuser privilege. Similarly, rlim_fd_cur defines the "soft" limit on file descriptors that a single process can have open. A process can raise its file descriptor limit to any value up to the "hard" limit defined by rlim_fd_max by using the setrlimit() call or by issuing the limit command in whatever shell it is running. You do not require superuser privilege to raise the limit to any value less than or equal to the hard limit.

For example, to increase the hard limit, add the appropriate entry to /etc/system and reboot the system once:
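Entries in /etc/system would look like the following (the syntax is standard for /etc/system, where comments begin with an asterisk; the values shown are illustrative, not recommendations):

```
* Hard and soft per-process file descriptor limits (illustrative values)
set rlim_fd_max=65536
set rlim_fd_cur=8192
```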


About Threads and Connections

When a client sends a request to an HTTP listener in an Oracle Traffic Director instance, the connection is first accepted by an acceptor thread that is associated with the HTTP listener. The acceptor thread puts the connection in a connection queue and then waits for the next client request. A request-processing thread from a thread pool takes the connection from the connection queue and processes the request. Note that if the thread pool is disabled, the acceptor threads themselves process every request; in that case, the connection queue and request-processing threads do not exist.

When an Oracle Traffic Director instance starts, it creates the specified number of acceptor threads for each listener and a thread pool that contains a specified, minimum number of request-processing threads.

If the number of acceptor threads for a listener is not specified, Oracle Traffic Director creates one acceptor thread per CPU on the host.

If the minimum size of the thread pool is not specified, Oracle Traffic Director creates one request-processing thread per processor on the host on which the instance is running.

As the request load increases, Oracle Traffic Director compares the number of requests in the connection queue with the number of request-processing threads. If the number of requests in the queue is more than the number of request-processing threads, Oracle Traffic Director creates additional threads, up to the specified maximum size for the thread pool.

The default value of the maximum number of request-processing threads is never more than a quarter of the maximum number of file descriptors available to the process. If the host has one or two CPUs, the default is 256; if it has three or four CPUs, the default is 512; if it has more than four CPUs, the default is 1024.
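The CPU-based defaults described above can be sketched as a small lookup (the function name is ours for illustration; Oracle Traffic Director computes this internally, additionally capped at a quarter of the available file descriptors):

```shell
# Default maximum request-processing threads as a function of CPU count,
# per the rules stated above
default_max_threads() {
  cpus=$1
  if [ "$cpus" -le 2 ]; then
    echo 256
  elif [ "$cpus" -le 4 ]; then
    echo 512
  else
    echo 1024
  fi
}
default_max_threads 2   # -> 256
default_max_threads 8   # -> 1024
```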

The maximum number of threads is a hard limit for the number of sessions that can run simultaneously. Note that the maximum threads limit applies across all the virtual servers in the instance.

Reviewing Thread Pool Metrics for an Instance

You can review the thread-pool information for an instance in the SessionCreationInfo section of the plain-text perfdump report, as shown in the following example.

Active Sessions is the number of request-processing threads that are currently servicing requests.

Keep-Alive Sessions is the number of keep-alive threads serving responses.

Total Sessions Created

The first number is the number of request-processing threads created.

The second number is the maximum number of threads allowed in the thread pool; that is, the sum of the maximum threads configured in the thread-pool element and the number of keep-alive threads.

If you observe that the total number of request-processing threads created is consistently near the maximum number of threads, consider increasing the thread limit. Otherwise, requests might have to wait longer in the connection queue; and, if the connection queue becomes full, further requests are not accepted. If the average queueing delay (see Reviewing Connection Queue Metrics for an Instance) is significantly high in proportion to the average response time, that too is an indication that the thread limit needs to be increased.

Reviewing Connection Queue Metrics for an Instance

If the maximum size of the connection queue is not large enough, client requests might be rejected during peak load periods. You can detect this situation by examining the connection queue section in the perfdump plain-text report, as shown in the following example.

Peak: The largest number of connections that have been in the queue simultaneously.

If the peak queue length is close to the limit, it is an indication that the connection queue might not be large enough for the given load.

Limit: The maximum size of the connection queue, which is equal to the size of the thread-pool queue + maximum threads + the size of the keep-alive queue.

Total Connections Queued is the total number of times a connection has been queued. This number includes newly-accepted connections and connections from the keep-alive system.

Average Queue Length is the average number of connections in the queue during the most recent 1-minute, 5-minute, and 15-minute intervals.

Average Queueing Delay is the average amount of time a connection spends in the connection queue. It represents the delay between when a request is accepted by the server and when a request-processing thread begins processing the request. If the average queueing delay is relatively high in proportion to the average response time, consider increasing the number of threads in the thread pool.
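As a concrete illustration of what "relatively high in proportion" means (all numbers are hypothetical):

```shell
avg_queue_delay_ms=40   # hypothetical average queueing delay from perfdump
avg_response_ms=100     # hypothetical average response time
# Queueing share of the total response time, as a percentage
share=$((avg_queue_delay_ms * 100 / avg_response_ms))
echo "queueing delay is ${share}% of the average response time"
# A large share (here, 40%) suggests the thread pool should be enlarged
```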

Tuning the Thread Pool and Connection Queue Settings

You can change the thread pool and connection queue settings by using either the administration console or the CLI.

Changing the Thread Pool and Connection Queue Settings Using the Administration Console

To change the thread-pool settings by using the administration console, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, expand Advanced Settings and select HTTP.

The HTTP Settings page is displayed.

Go to the Thread Pool section on the page.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Changing the Thread Pool and Connection Queue Settings Using the CLI

To view the current thread-pool settings, run the get-thread-pool-prop command, as shown in the following example:

Tuning HTTP Listener Settings

The following are the key HTTP listener parameters that affect performance:

Listener address

The listener address consists of an IP address and a port number. The host on which an Oracle Traffic Director instance is running can have multiple network interfaces and multiple IP addresses.

A listener that is configured to listen for client requests on all network interfaces on the host machine would have 0.0.0.0 as its IP address. While specifying 0.0.0.0 as the IP address for a listener is convenient, it results in one additional system call for each connection. For better performance, consider specifying an actual IP address for the listener.

Number of acceptor threads

Acceptor threads receive client requests and put them in the connection queue. When an Oracle Traffic Director instance starts, it creates the specified number of acceptor threads for each listener. If the number of acceptor threads for a listener is not specified, Oracle Traffic Director creates one acceptor thread per CPU on the host.

Too many idle acceptor threads place an unnecessary burden on the system, while having too few acceptor threads might result in client requests not being accepted. One acceptor thread per CPU, which is the default setting, is an acceptable trade-off in most situations.

For HTTP 1.0 workloads, which necessitate opening and closing a relatively large number of connections, the default number of acceptor threads—1 per listener—would be suboptimal. Consider increasing the number of acceptor threads.

Listen queue size

As explained earlier, acceptor threads receive client requests and put them in the connection queue. If the operating system has not yet scheduled the acceptor thread, the operating system kernel maintains TCP connections on behalf of the Oracle Traffic Director process. The kernel can accept connections up to the limit specified by the listen queue size.

HTTP 1.0-style workloads can have many connections established and terminated. If clients experience connection timeouts when an Oracle Traffic Director instance is heavily loaded, you can increase the size of the HTTP listener backlog queue by setting the listen queue size to a larger value.
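Note that on Linux the effective backlog of any listening socket is also capped by the kernel-wide net.core.somaxconn parameter, so raising the listen queue size beyond that cap has no effect. You can inspect it, and raise it as root (the value 1024 is illustrative):

```shell
# Kernel-wide cap on any socket's listen backlog
cat /proc/sys/net/core/somaxconn
# To raise the cap temporarily (as root; the value is illustrative):
# /sbin/sysctl -w net.core.somaxconn=1024
```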

The plain-text perfdump report shows the IP address and the number of acceptor threads for each HTTP listener in the configuration, as shown in the following example:

Tuning Keep-Alive Settings

About Keep-Alive Connections

HTTP 1.0 and HTTP 1.1 support sending multiple requests over a single HTTP connection. This capability, which was called keep alive in HTTP 1.0, is called persistent connections in HTTP 1.1 and is enabled by default in Oracle Traffic Director.

Keeping a connection active even after processing the original request helps reduce the time and overhead associated with creating and closing TCP connections for future similar requests. However, keep-alive connections over which few or no requests are received are an unnecessary burden on the system.

To avoid this problem, you can specify the maximum number of waiting keep-alive connections. When a keep-alive request is received, if there are more open connections waiting for requests than the specified maximum number, the oldest connection is closed. In addition, you can specify the period after which inactive keep-alive connections should be closed.

Reviewing Keep-Alive Connection Settings and Metrics

The plain-text perfdump report shows the current keep-alive settings and metrics, as shown in the following example:

The second number is the maximum number of keep-alive connections allowed.

KeepAliveHits is the number of times a request was successfully received over a connection that was kept alive.

If KeepAliveHits is high when compared with KeepAliveFlushes, it indicates that the keep-alive connections are being utilized well.

If KeepAliveHits is low, it indicates that a large number of keep-alive connections remain idle, unnecessarily consuming system resources. To address this situation, you can do the following:

Decrease the maximum number of keep-alive connections so that fewer connections are kept alive.

Note that the number of connections specified by the maximum connections setting is divided equally among the keep-alive threads. If the maximum connections setting is not equally divisible by the keep-alive threads setting, the server might allow slightly more than the maximum number of keep-alive connections.

Decrease the KeepAliveTimeout so that keep-alive connections do not remain idle for long. Note that if the KeepAliveTimeout is very low, the overhead of setting up new TCP connections increases.
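The division described in the note above can be illustrated with hypothetical values, assuming each thread's share is rounded up when the division is not exact (consistent with the server allowing slightly more than the configured maximum):

```shell
max_connections=200    # hypothetical keep-alive maximum connections
keep_alive_threads=3   # hypothetical number of keep-alive threads
# Each thread's share, rounded up when the division is not exact
per_thread=$(((max_connections + keep_alive_threads - 1) / keep_alive_threads))
echo "per thread: $per_thread, effective total: $((per_thread * keep_alive_threads))"
# 200 is not divisible by 3, so the effective total (201) slightly
# exceeds the configured maximum (200)
```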

KeepAliveFlushes is the number of times the server closed connections that the client requested to be kept alive.

On UNIX/Linux systems, if the keep-alive maximum connections setting is too high, the server can run out of open file descriptors. Typically, 1024 is the limit for open files on UNIX/Linux; so increasing the keep-alive maximum connections above 500 is not recommended. Alternatively, you can increase the file descriptor limit, as described in Tuning the File Descriptor Limit.

KeepAliveRefusals is the number of times the server could not hand off a connection to a keep-alive thread, possibly because the KeepAliveCount exceeded the keep-alive maximum connections. If this value is high, consider increasing the maximum number of keep-alive connections.

KeepAliveTimeouts is the number of times idle keep-alive connections were closed because no requests were received over them during the last KeepAliveTimeout period.

KeepAliveTimeout is the duration, in seconds, after which idle keep-alive connections are closed.

Another parameter that is configurable and affects performance, but is not shown in the perfdump report is the keep-alive poll interval, which, together with KeepAliveTimeout, controls latency and throughput. Decreasing the poll interval and the timeout period reduces latency on lightly loaded systems. Increasing the values of these settings raises the aggregate throughput on heavily loaded systems. However, if there is too much latency and too few clients, the aggregate throughput suffers, because the server remains idle unnecessarily. Therefore, at a given load, if there is idle CPU time, decrease the poll interval; if there is no idle CPU time, increase the poll interval.

Tuning Keep-Alive Settings

You can tune the keep-alive settings by using either the administration console or the CLI.

Changing Keep-Alive Settings Using the Administration Console

To change the keep-alive settings by using the administration console, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, expand Advanced Settings and select HTTP.

The HTTP Settings page is displayed.

Go to the Keep Alive section on the page.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Changing Keep-Alive Settings Using the CLI

To view the current keep-alive settings, run the get-keep-alive-prop command, as shown in the following example:

Tuning HTTP Request and Response Limits

To optimize the time that an Oracle Traffic Director instance spends in processing requests and responses, you can configure parameters such as the size of request and response headers, the number of allowed header fields in a request, and the time that Oracle Traffic Director waits to receive an HTTP request body and header.

You can view and change the HTTP request and response limits by using either the administration console or the CLI.

Viewing and Changing HTTP Request/Response Limits Using the Administration Console

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, expand Advanced Settings and select HTTP.

The HTTP Settings page is displayed.

Go to the HTTP section on the page.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Viewing and Changing HTTP Request/Response Limits Using the CLI

To view the current settings, run the get-http-prop command, as shown in the following example:

Tuning Caching Settings

Caching in Oracle Traffic Director

Caching frequently requested data reduces the time that clients have to wait for responses. In addition, when frequently accessed URLs are stored in memory, the load on the origin servers is significantly reduced.

Caching is enabled by default in Oracle Traffic Director.

Both static and dynamically generated content from origin servers are cached.

Oracle Traffic Director honors Cache-Control directives from origin servers, including directives to revalidate content and to not cache certain headers.

You can configure one or more caching rules specific to each virtual server, subject to the overall limits—maximum heap space, maximum entries, and maximum object size—specified for the configuration.

You can configure the caching rules to be applicable either to all requests or to only those requests that match a specified condition.

Cached data is held in the process memory (heap), separately for each virtual server. When the instance is stopped or restarted, the cache becomes empty.

WebSocket upgrade requests are not cached.

When a client first requests an object, Oracle Traffic Director sends the request to an origin server. This request is a cache miss. If the requested object matches a caching rule, Oracle Traffic Director caches the object. For subsequent requests for the same object, Oracle Traffic Director serves the object from its cache to the client. Such requests are cache hits.

Object Cache Entries is the number of entries (URIs) currently in the cache.

Cache lookup (hits/misses)

The first number is the number of times an entry was found in the cache for the requested URI.

The second number is the number of times the requested URI was not found in the cache.

Requests served from Cache is the number of requests that Oracle Traffic Director served from the cache.

Revalidation (successful/total)

The first number is the number of times revalidation of cached content was successful.

The second number is the total number of times Oracle Traffic Director attempted to revalidate cached content.

The percentage value is the ratio of successful revalidations to the total number of revalidation attempts.

Heap space used is the amount of cache heap space that is currently used.
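From the cache-lookup counters above you can compute the cache-hit rate; a quick sketch with hypothetical numbers:

```shell
hits=1800                # hypothetical cache-lookup hits from perfdump
misses=200               # hypothetical cache-lookup misses
total=$((hits + misses))
echo "cache-hit rate: $((hits * 100 / total))%"
# A high rate (here, 90%) indicates the cache is effective; a low rate
# suggests tuning the caching parameters described in the next section
```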

Tunable Caching Parameters

Caching can be considered effective in reducing the response time for clients when the cache-hit rate is high; that is, a relatively large number of requests are served from the cache instead of being sent to origin servers. For a high cache-hit rate, there should be sufficient memory to store cacheable responses from origin servers and the entries in the cache should be validated regularly.

Note:

Dynamic content is generally not cacheable. So if the application or content being served by the origin servers consists mostly of dynamic content, the cache-hit rate is bound to be low. In such cases, enabling and tuning caching might not yield a significant performance improvement.

To improve the cache-hit rate, you can tune the following caching parameters:

Cache-entry replacement method

When the cache becomes full—that is, the number of entries reaches the maximum entries limit, or the cache heap size reaches the maximum cache heap space—further entries in the cache can be accommodated only if existing entries are removed. The cache-entry replacement method specifies how Oracle Traffic Director determines the entries that can be removed from the cache.

The default replacement method is Least Recently Used (lru). When the cache is full, Oracle Traffic Director discards the least recently used entries first.

The other available method is Least Frequently Used (lfu). When the cache is full, Oracle Traffic Director discards the least frequently used entry first.

In either method, every time Oracle Traffic Director serves content from the cache, it needs to track usage information—the time the content was served in the case of the lru replacement method, and the number of times the content was served in the case of lfu. So the time saved by serving content directly from the cache instead of sending the request to the origin server, is offset to a certain extent by the latency caused by the need to track usage information. Between the two methods, lru requires marginally lower computing resources.

You can disable cache-entry replacement by specifying false as the replacement method.

Maximum cache heap space

If only a small portion of the available heap space is used, it is possible that responses are not being cached because the virtual server-specific caching rules are defined too narrowly.

The optimal cache heap size depends upon how much system memory is free. With a large cache heap, Oracle Traffic Director can cache more content and therefore obtain a better hit ratio. However, the heap size should not be so large that the operating system starts paging cached content.

Maximum number of entries in the cache

If the number of entries in the cache, as shown in the perfdump report, is consistently near, or at, the maximum number of entries, it is an indication that the cache might not be large enough. Consider increasing the maximum number of entries.

If the number of entries in the cache is very low when compared with the maximum allowed entries, it is possible that responses are not being cached because the virtual server-specific caching rules are defined too narrowly.

Maximum size of cacheable object

To conserve system resources, you can limit the size of objects that are cached, even if the objects fulfill other caching rules.

If you observe that objects that are larger than the maximum cached object size are requested frequently, consider increasing the limit.

In a caching rule for a specific virtual server, you can specify the following parameters:

Minimum and maximum size of objects that can be cached

Minimum and maximum interval between cache-validation checks

Maximum number of characters in a query string that can be cached

Whether to compress content before caching

Whether to cache HTTPS responses

Configuring Caching Parameters

You can configure caching settings by using either the administration console or the CLI.

Configuring Caching Settings Using the Administration Console

To configure caching settings by using the administration console, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, select Advanced Settings.

The Advanced Settings page is displayed.

Go to the Cache section on the page.

Specify the caching parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

To view or create virtual server-specific caching rules, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration for which you want to create virtual server-specific caching rules.

In the navigation pane, expand Virtual Servers, expand the name of the virtual server for which you want to create caching rules, and select Caching.

The Caching page is displayed. It lists the caching rules that are currently defined for the virtual server, and indicates whether the rules are enabled.

Creating a Caching Rule

Click New Caching Rule.

The New Cache Rule dialog box is displayed.

In the Name field, enter a name for the new caching rule.

Click Next.

If this is the first caching rule for the virtual server, the New Caching Rule dialog box gives you the option to apply the rule either to all requests or only to requests that satisfy a condition. To apply the rule to all requests, select All Requests.

If you wish to apply the rule to only those requests that satisfy a condition, create a new condition by selecting Create a new condition. In the condition builder, select a Variable/Function and an Operator from the respective drop-down lists and provide a value in the Value field.

Select the and/or operator from the drop-down list when configuring multiple expressions. Similarly, use the Not operator when you want the rule to be applied only when the given expression is not true.

The caching rule that you just created is displayed on the Caching page.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Editing a Caching Rule

To enable or disable a caching rule, or to change the settings of a rule, do the following:

Click the Name of the caching rule that you want to edit.

The Edit Cache Rule dialog box is displayed.

Note:

To access the condition builder to edit conditions, select Requests satisfying the condition and click Edit. The condition builder enables you to delete old expressions and add new ones.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Deleting a Caching Rule

To delete a caching rule, click the Delete button. At the confirmation prompt, click OK.

Configuring Caching Settings Using the CLI

To change the caching properties for a configuration, run the set-cache-prop command.

For example, the following command changes the maximum cache heap space to 20 MB.
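The command itself is not reproduced here; a plausible sketch follows, with administration-connection options such as --user and --port omitted, the configuration name soa taken from the examples later in this chapter, and the max-heap-space property name being an assumption (20 MB expressed in bytes):

tadm set-cache-prop --config=soa max-heap-space=20971520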

To create a caching rule for a virtual server, run the create-cache-rule command.

For example, the following command creates a rule named cache-rule-images for the virtual server soa.example.com in the configuration soa, to cache the requests for which the expression $uri='^/images' evaluates to true.
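A hedged sketch of that command, using the rule, virtual-server, and configuration names stated above (the --vs and --condition option names and the exact condition syntax are assumptions, and administration-connection options are omitted):

tadm create-cache-rule --config=soa --vs=soa.example.com --condition="$uri='^/images'" cache-rule-images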

Tuning DNS Caching Settings

DNS caching helps reduce the number of DNS lookups that Oracle Traffic Director needs to perform to resolve client host names to IP addresses. The DNS cache is enabled by default in Oracle Traffic Director and stores IP address-to-DNS name mappings. Each entry in the DNS cache represents a single IP address or DNS name lookup. The DNS cache is used only when DNS lookup is enabled and when Oracle Traffic Director performs operations that require DNS lookup, such as recording client IP addresses and host names in the access log.

For the DNS cache hit rate to be high, the cache should be large enough to store the IP address-to-DNS name mappings for the maximum number of clients that you expect to access Oracle Traffic Director concurrently. You can tune the maximum number of entries allowed in the DNS cache and the cache expiry time. Note that setting the cache size too high might result in wasted memory.

CacheEntries shows the number of entries currently in the DNS cache and the maximum number of entries allowed.

HitRatio is the number of cache hits compared to the number of DNS cache lookups.

The last line indicates whether asynchronous DNS lookup is enabled.

You can configure Oracle Traffic Director to perform DNS lookups by using either its own asynchronous resolver or the operating system's synchronous resolver. DNS lookups performed by using Oracle Traffic Director's own asynchronous resolver are faster.

Configuring DNS Cache Settings

You configure the DNS cache settings for a configuration by using either the administration console or the CLI.

Configuring DNS Cache Settings Using the Administration Console

To configure DNS cache settings by using the administration console, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, select Advanced Settings.

The Advanced Settings page is displayed.

Go to the DNS section on the page.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Configuring DNS Cache Settings Using the CLI

To change the DNS cache settings for a configuration, run the set-dns-cache-prop command.

For example, the following command changes the maximum number of entries allowed in the DNS cache to 2048:
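The command is not shown above; a plausible sketch, with administration-connection options omitted and the max-entries property name being an assumption:

tadm set-dns-cache-prop --config=soa max-entries=2048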

Tuning SSL/TLS-Related Settings

SSL/TLS Session Caching

During the initial SSL/TLS handshake process for an HTTPS connection, the client and server negotiate the cipher suites to be used, and the encryption/decryption and MAC keys (see "About SSL"). This activity requires significant CPU time, depending on whether RSA or ECC private keys are used, and the size of the keys.

The initial SSL/TLS handshake results in the generation of a unique SSL/TLS session ID. If the SSL/TLS session ID is cached, then the next time that same HTTPS client opens a new socket connection, the server can reduce the time taken to establish the connection by retrieving the SSL/TLS session ID from the cache and performing an abbreviated SSL/TLS handshake, which is less CPU-intensive than the initial handshake.

SSL/TLS session caching is enabled by default in Oracle Traffic Director. When a new connection is established on an SSL/TLS-enabled listener, Oracle Traffic Director checks whether the SSL/TLS session cache contains a session ID for the client. If the session ID for the client exists in the cache and is valid, Oracle Traffic Director allows the client to reuse the session.

You can configure the maximum number of entries in the SSL/TLS session cache and the duration for which SSL/TLS session IDs should be stored in the cache.

You can configure the SSL/TLS session cache settings for a configuration by using either the administration console or the CLI.

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration that you want to modify.

In the navigation pane, select SSL.

The SSL Settings page is displayed.

Go to the SSL & TLS section on the page.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Configuring SSL/TLS Session Caching Settings Using the CLI

To view the current SSL/TLS caching settings for a configuration, run the get-ssl-session-cache-prop command, as shown in the following example:
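The example output is not reproduced here; a sketch of the command itself, with administration-connection options such as --user and --port omitted and the configuration name soa used for illustration:

tadm get-ssl-session-cache-prop --config=soa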

Ciphers and Certificate Keys

Strong ciphers and large private keys provide better security for SSL/TLS connections, but they affect performance.

In SSL/TLS connections, certain ciphers—such as AES and RC4—require less computing resources for the data transfer than stronger ciphers such as 3DES. Consider this trade-off between security and performance when you select SSL/TLS ciphers for listeners.

The initial SSL/TLS handshake process takes less time for RSA certificates with small key sizes—1024 and 2048 bits—than for certificates with large key sizes—3072 and 4096 bits.

For information about creating self-signed certificates and certificate-signing requests, see Managing Certificates.

Configuring Access-Log Buffer Settings

The access log contains information about client requests to, and responses from, the server. When the rate at which an Oracle Traffic Director instance receives client requests is very high, which is usually the case in a production environment, the frequency of writing entries to the log file on the disk increases. Writing frequently to the disk is an I/O-intensive activity that can affect the performance of the server.

To reduce the frequency at which Oracle Traffic Director writes entries to the access log on the disk, access log updates can be buffered. Access-log buffering is enabled by default in Oracle Traffic Director.

You can specify limits for the access-log buffer size, the number of access-log buffers per server, and the maximum duration for which entries should be held in the buffer. When the buffer size, the number of buffers, or the age of an entry in the buffer reaches the specified limit, Oracle Traffic Director writes the buffered data to the access log on the disk.

You can configure the access-log buffer settings by using either the administration console or the CLI.

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration for which you want to configure access-log buffer preferences.

In the navigation pane, select Logging.

The Log Preferences page is displayed.

Go to the Advanced Settings section on the page, and scroll down to the Access Log Buffer subsection.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Configuring Access-Log Buffer Settings Using the CLI

To view the current access-log buffer properties, run the get-access-log-buffer-prop command, as shown in the following example:
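The example output is not reproduced here; a sketch of the command itself, with administration-connection options omitted and the configuration name soa used for illustration:

tadm get-access-log-buffer-prop --config=soa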

For information about viewing logs, configuring log preferences, rotating logs, and so on, see Managing Logs.

Enabling and Configuring Content Compression

Compressed objects are delivered faster to clients, with fewer round-trips, reducing the overall latency without increasing the investment in expensive hardware.

You can create one or more compression rules specific to each Oracle Traffic Director virtual server, and configure the rules to be applicable either to all requests or to only those requests that match a specified condition.

Note:

Certain files—such as GIF, JPEG, and PNG images; and zipped files—are either already compressed or cannot be compressed any further. Requiring Oracle Traffic Director to compress such files causes additional overhead without providing any compression benefit. Therefore, when creating compression rules for a virtual server, exclude such files.

For each compression rule, you can also specify the following parameters:

Compression level, on the scale 1–9. At level 1, the compression time is the least; at level 9, the compression ratio is the best.

At the higher compression levels, more CPU resources are consumed during the compression process, but relatively less network bandwidth is required to transmit the compressed content. On the other hand, compression at the lower levels is relatively less CPU-intensive, but more bandwidth is required to transmit the resulting content. So when choosing the compression level, consider which resource is more expensive in your environment—CPU resources or network bandwidth.

If CPU usage is more expensive, select a lower compression level.

If network bandwidth is the primary constraint, select a higher compression level.

Number of bytes (fragment size) that should be compressed at a time.

Whether the Vary: Accept-Encoding header should be included in the response.

The Vary: Accept-Encoding header instructs proxies situated between the client and Oracle Traffic Director that the compressed content should not be served to clients that cannot decompress the content.

Configuring Compression Rules Using the Administration Console

To create compression rules by using the administration console, do the following:

Click the Configurations button that is situated at the upper left corner of the page.

A list of the available configurations is displayed.

Select the configuration for which you want to create compression rules.

In the navigation pane, expand Virtual Servers, expand the name of the virtual server for which you want to create compression rules, and select Compression.

The Compression Rules page is displayed. It lists the compression rules that are currently defined for the virtual server, and indicates whether the rules are enabled.

Creating a Compression Rule

Click New Compression Rule.

The New Compression Rule dialog box is displayed.

In the Name field, enter a name for the new compression rule.

Select a compression level from the Compression Level drop-down list.

Click Next.

If this is the first compression rule for the virtual server, the New Compression Rule dialog box gives you the option to choose whether the rule should be applied to all requests. Select All Requests.

If you wish to apply the rule to only those requests that satisfy a condition, create a new condition by selecting Create a new condition. In the New Expression pane, select a Variable/Function and an Operator from the respective drop-down lists and provide a value in the Value field.

Select the and/or operator from the drop-down list when configuring multiple expressions. Similarly, use the Not operator when you want the rule to be applied only when the given expression is not true.

The compression rule that you just created is displayed on the Compression Rules page.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Editing a Compression Rule

To enable or disable a compression rule, or to change the settings of a rule, do the following:

Click the Name of the compression rule that you want to change.

The Edit Compression Rule dialog box is displayed.

Note:

To access the condition builder to edit conditions, select Requests satisfying the condition and click Edit. The condition builder enables you to delete old expressions and add new ones.

Specify the parameters that you want to change.

On-screen help and prompts are provided for all of the parameters.

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Deleting a Compression Rule

To delete a compression rule, click the Delete button. At the confirmation prompt, click OK.

Configuring Compression Rules Using the CLI

To create a compression rule for a virtual server, run the create-compression-rule command.

For example, the following command creates a rule named compress-docs for the virtual server soa.example.com in the configuration soa, to compress the responses to requests for which the expression $uri='^/docs' evaluates to true.
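A hedged sketch of that command, using the names stated above (the --vs and --condition option names and the exact condition syntax are assumptions, and administration-connection options are omitted):

tadm create-compression-rule --config=soa --vs=soa.example.com --condition="$uri='^/docs'" compress-docs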

Common Performance Problems

This section discusses common web site performance problems.

Low-Memory Situations

If Oracle Traffic Director must run in low-memory situations, reduce the thread limit to a bare minimum by lowering the value of the Maximum Threads setting on the configuration's Performance Tab > HTTP subtab. You can also set it with the set-thread-pool-prop command's max-threads property.

The server automatically selects many server defaults based on the system resources, for optimal performance. However, if the server's chosen defaults are not suited to your configuration, you can override them. For more information about how to tune the server to obtain a smaller memory footprint, see Large Memory Footprint.

If your application runs out of sessions, as evidenced by a "too many active sessions" message in the server log file, and the container throws exceptions as a result, application performance is impacted. To address the situation, consider tuning the session manager properties and the session idle time. Note that JSPs have sessions enabled by default.

Too Few Threads

The server does not allow the number of active threads to exceed the thread limit value. If the number of simultaneous requests reaches that limit, the server stops servicing new connections until the old connections are freed up. This can lead to increased response time.

In Oracle Traffic Director, the server's default maximum-threads setting is the greater of 128 and the number of processors in the system. If you want your server to process more requests concurrently, you must increase the maximum number of threads.

The symptom of a server with too few threads is a long response time. Making a request from a browser establishes a connection fairly quickly to the server, but if there are too few threads on the server it can take a long time before the response comes back to the client.

The best way to tell if your server is being throttled by too few threads is to see if the number of active sessions is close to, or equal to, the maximum number of threads. To do this, see Session Creation and Thread Information.

Large Memory Footprint

Oracle Traffic Director automatically configures the connection queue size based on the number of available file descriptors in the system. The connection queue size on a system is determined by the sum of the thread-pool/max-threads, thread-pool/queue-size, and keep-alive/max-connections elements in the server.xml file.

In certain cases, the server's chosen defaults lead to a larger memory footprint than your applications require. If the server-selected defaults do not suit your needs, you can change the memory usage of the server by specifying the values in server.xml. The thread-pool/max-threads default is the greater of 128 and the number of processors in the system, unless explicitly specified in server.xml. The thread-pool/queue-size value can be obtained from perfdump by examining the Connection Queue Information. The keep-alive/max-connections value can be obtained from the Keep-Alive Information and Keep-Alive Count. Logging at the fine level prints these values in the error log file.
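As an illustration only, a server.xml fragment that overrides these defaults might look like the following. The element names are those cited above; the values are placeholders for your own tuning, not recommendations:

<thread-pool>
<max-threads>128</max-threads>
<queue-size>1024</queue-size>
</thread-pool>
<keep-alive>
<max-connections>200</max-connections>
</keep-alive>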

Log File Modes

Keeping the log files at a high verbosity level can have a significant impact on performance. On the configuration's General Tab > Log Settings page, choose the appropriate log level, and use levels such as Fine, Finer, and Finest with care. To set the log level using the CLI, use the tadm set-log-prop command and set the log-level property.

Using nostat

You can specify the parameter nostat in the obj.conf NameTrans function assign-name to prevent the server from obtaining statistics on a specified URL whenever possible. Use the following syntax:
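The original syntax line is not reproduced here; a plausible form of the directive, based on the /nsfc paths discussed in the surrounding text (the from, name, and nostat values are illustrative):

NameTrans fn="assign-name" from="/nsfc" name="nsfc" nostat="/nsfc"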

In the previous example, the server does not obtain statistics for path /ntrans-base/nsfc and /ntrans-base/nsfc/* if ntrans-base is set. If ntrans-base is not set, the server does not obtain statistics for URLs /nsfc and /nsfc/*. By default, ntrans-base is set. The example assumes the default PathCheck server functions are used.

When you use nostat=virtual-path in the assign-name NameTrans function, the server assumes that obtaining statistics on the specified virtual-path will fail. Therefore, use nostat only when the virtual-path does not exist on the system, for example, in NSAPI plug-in URLs. Using nostat on those URLs improves performance by avoiding unnecessary statistics calls.

Tuning Connections to Origin Servers

Each Oracle Traffic Director virtual server acts as a reverse proxy through which clients outside the network can access critical data and applications hosted on multiple origin servers in the back end. This section describes the parameters that you can tune to improve the performance of Oracle Traffic Director as a reverse-proxy server.

Enable keep-alive: This parameter indicates whether the Oracle Traffic Director virtual server should attempt to use persistent connections to the origin server or create a new connection for each request. It is enabled by default.

Keep-alive timeout: This parameter specifies the maximum duration, in seconds, for which a persistent connection can be kept open. The default timeout duration is 29 seconds.

Idle timeout: This parameter specifies the maximum duration, in seconds, for which a connection to the origin server can remain idle. The default duration is 300 seconds.

Always use keep-alive: This parameter indicates whether the Oracle Traffic Director virtual server can reuse existing persistent connections to origin servers for all types of requests. If this parameter is not enabled (default), the Oracle Traffic Director virtual server attempts to use persistent connections to the origin server only for the GET, HEAD, and OPTIONS request methods.

Proxy buffer size: This parameter specifies the size of the buffer in which Oracle Traffic Director stores data received from the origin server before sending the data to the client. The larger the buffer, the lower the number of write system calls. The default size of the proxy buffer is 16 kilobytes.

The reverse-proxy settings for connections between an Oracle Traffic Director virtual server and an origin server pool are defined in routes. To change the reverse-proxy settings, you should edit the routes by using either the administration console or the CLI.

Note:

In the current release, you cannot configure the proxy buffer size by using the administration console or the CLI.

To configure the proxy buffer size for a route, do the following:

Add the proxy-buffer-size parameter to the http-client-config server application function (SAF) in the vs_name-obj.conf configuration file of the virtual server that contains the route that you want to edit.

The vs_name-obj.conf file is located in the following directory:

INSTANCE_HOME/net-config_name/config

The following is an example of a route (route1) for which the proxy-buffer-size and other reverse-proxy parameters have been configured.
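The original example is not reproduced here; a sketch of such a route object follows. The directive type shown (ObjectType) is an assumption, the parameter names mirror the http-client-config SAF parameters and route properties named in this section, and the values are illustrative; the exact syntax in your vs_name-obj.conf file may differ:

<Object name="route1">
ObjectType fn="http-client-config" keep-alive="true" keep-alive-timeout="29" always-use-keep-alive="false" timeout="300" proxy-buffer-size="32768"
</Object>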

When you change the value in a field or tab out of a text field that you changed, the Save button near the upper right corner of the page is enabled.

At any time, you can discard the changes by clicking the Reset button.

After making the required changes, click Save.

A message, confirming that the updated configuration was saved, is displayed in the Console Messages pane.

In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Deploying a Configuration.

Configuring Routes Using the CLI

To change the properties of a route, run the set-route-prop command. The following are the names of the reverse-proxy parameters described earlier:

keep-alive-timeout
always-use-keep-alive
use-keep-alive
timeout

For example, the following command changes the keep-alive timeout duration for the route route1 in the virtual server soa.example.com of the configuration soa to 30 seconds.
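A hedged sketch of that command, using the route, virtual-server, and configuration names stated above (the --vs and --route option names are assumptions, and administration-connection options such as --user and --port are omitted):

tadm set-route-prop --config=soa --vs=soa.example.com --route=route1 keep-alive-timeout=30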

Solaris-specific Tuning

This section provides tuning information that is specific to Solaris. Note that these are platform-specific tuning tips, and any changes that you make could affect other processes on the system.

Files Open in a Single Process (File Descriptor Limits)

Different platforms have different limits on the number of files that can be open in a single process at one time. For busy sites, increase that number. On Solaris systems, control this limit by setting rlim_fd_max and rlim_fd_cur in the /etc/system file. For Solaris 11, the default for rlim_fd_max is 65536 and the default value for rlim_fd_cur is 256.
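For example, the following /etc/system lines apply the tuned values from Table 14-1 (65536 for both limits); size them to your own expected load:

set rlim_fd_max=65536
set rlim_fd_cur=65536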

After making this or any change in the /etc/system file, reboot Solaris for the new settings to take effect. In addition, if you upgrade to a new version of Solaris, remove any line added to /etc/system and add it again only after verifying that it is still valid.

An alternative way to make this change is by using the ulimit -n <value> command. Using this command does not require a system restart. However, the command affects only the current login shell, whereas editing the /etc/system file affects all shells.
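A minimal sketch of the ulimit approach, which works in any POSIX shell (the specific limit values on your system will differ):

```shell
# Query the soft (current) and hard (maximum) open-file limits
ulimit -S -n
ulimit -H -n
# Raise the soft limit up to the hard limit, for this shell only;
# unlike /etc/system changes, this does not persist and needs no reboot
ulimit -S -n "$(ulimit -H -n)"
ulimit -S -n
```

Because the change is per-shell, it must be applied in the shell that starts the Oracle Traffic Director instance.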

Failure to Connect to HTTP Server

If clients experience connection timeouts when an Oracle Traffic Director instance is heavily loaded, you can increase the size of the HTTP listener backlog queue. To increase this setting, edit the HTTP listener's listen queue value.

In addition to this, you must also increase the limits within the Solaris TCP/IP networking code. There are two parameters that are changed by executing the following commands:
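The commands themselves are not reproduced here. On Solaris 11, where these are private TCP protocol properties set with ipadm (as indicated in Table 14-1), a plausible form, using the initial value of 2048 suggested below, is:

ipadm set-prop -p _conn_req_max_q=2048 tcp
ipadm set-prop -p _conn_req_max_q0=2048 tcp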

These two settings increase the sizes of two Solaris listen queues that can fill up with waiting connections. The _conn_req_max_q setting increases the number of completed connections waiting to return from an accept() call. The _conn_req_max_q0 setting increases the maximum number of connections with the handshake incomplete. The default values for _conn_req_max_q and _conn_req_max_q0 are 128 and 1024, respectively.

You can monitor the effect of these changes by using the netstat -s command and looking at the tcpListenDrop, tcpListenDropQ0, and tcpHalfOpenDrop values. Review these counters before adjusting the queue sizes. If the counters are not zero, set the queue sizes to 2048 initially, and continue monitoring the netstat output.

Do not accept more connections than Oracle Traffic Director is able to process. A value of 2048 for the _conn_req_max_q and _conn_req_max_q0 parameters typically reduces connection request failures, and improvement has been seen with values as high as 4096.

The HTTP listener's listen queue setting and the related Solaris _conn_req_max_q and _conn_req_max_q0 settings are meant to match the throughput of Oracle Traffic Director. These queues act as a buffer to manage the irregular rate of connections coming from web users. These queues allow Solaris to accept the connections and hold them until they are processed by Oracle Traffic Director.

Tuning TCP Buffering

TCP buffering can be tuned by using the send_buf and recv_buf parameters. For more information about these parameters, see Table 14-1.

Reduce File System Maintenance

UNIX file system (UFS) volumes maintain the time that each file was accessed. If the file access time updates are not important in your environment, you can turn them off by adding the noatime parameter to the data volume's mount point in /etc/vfstab. For example:

/dev/dsk/c0t5d0s6 /dev/rdsk/c0t5d0s6 /data0 ufs 1 yes noatime

Note:

The noatime parameter does not turn off the access time updates when the file is modified, but only when the file is accessed.

For ZFS, you can use the zfs set command to modify any settable dataset property. The following example sets the atime property to off for tank/home.

zfs set atime=off tank/home

Long Service Times on Busy Volumes or Disks

An Oracle Traffic Director instance's responsiveness depends greatly on the performance of the disk subsystem. The iostat utility can be used to monitor how busy the disks are and how rapidly they complete I/O requests (the %b and svc_t columns, respectively). Service times are not important for disks that are less than 30% busy. However, for busier disks, service times should not exceed about 20 milliseconds. If busy disks have slower service times, improving disk performance can help performance substantially. If some disks are busy while others are lightly loaded, balance the load by moving some files from the busy disks to the idle disks.

Short-Term System Monitoring

Solaris offers several tools for keeping track of system behavior. Although you can capture their output in files for later analysis, tools such as iostat and vmstat are primarily meant for monitoring system behavior in real time.

In the iostat output, to see how busy each disk is, look at the %b column. For any disk that is busy more than 20% of the time, pay attention to the service time reported in the svc_t column. Other columns provide information about I/O operation rates, the amount of data transferred, and so on.

In the vmstat output, look at the sr column to keep track of the page scan rate, and take action if it is too high. In addition, monitor the us, sy, and id columns to see how heavily the CPUs are being used; keep plenty of CPU power in reserve to handle sudden bursts of activity. Also track the r column to see how many threads are competing for CPU time. If this value remains higher than about four times the number of CPUs, reduce the server's concurrency.

Long-Term System Monitoring

While it is important to monitor system performance with the tools mentioned above, collecting longer-term performance histories is equally important, as it can help you detect trends. For example, a baseline record of a system will help you find out what has changed if the system starts behaving poorly. Enable the system activity reporting package by doing the following:

Run the following command:

svcadm enable system/sar

Run the command crontab -e sys and remove the # comment characters from the lines with the sa1 and sa2 commands. You can adjust how often and at what times the commands run, depending on your site's activity profile. For an explanation of the format of this file, see the crontab man page.

These settings cause the system to store performance data in files in the /var/adm/sa directory, where the files are retained for one month by default. You can then use the sar command to examine the statistics for time periods of interest.
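For example, assuming data was collected on the 15th of the month, a command such as the following (standard sar options: -u for CPU utilization, -f for the input file) reports CPU statistics from that day's file:

sar -u -f /var/adm/sa/sa15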

Tuning for Performance Benchmarking

The following table shows the operating system tuning for Solaris used when benchmarking for performance and scalability. These values are an example of how you can tune your system to achieve the desired result.

Table 14-1 Tuning Solaris for Performance Benchmarking

Parameter                  Scope           Default Value  Tuned Value  Comments
rlim_fd_cur                /etc/system     256            65536        Soft limit.
rlim_fd_max                /etc/system     65536          65536        Process open file descriptors limit; accounts for the expected load (for the associated sockets, files, and pipes if any).
_time_wait_interval        ipadm set-prop  60000          600000       Set on clients as well.
_conn_req_max_q            ipadm set-prop  128            1024
_conn_req_max_q0           ipadm set-prop  1024           4096
_ip_abort_interval         ipadm set-prop  300000         600000
_keepalive_interval        ipadm set-prop  7200000        9000000      For high-traffic web sites, lower this value.
_rexmit_interval_initial   ipadm set-prop  1000           3000         If re-transmission is greater than 30-40%, increase this value.
_rexmit_interval_max       ipadm set-prop  60000          100000
_rexmit_interval_min       ipadm set-prop  200            3000
smallest_anon_port         ipadm set-prop  32768          65535        Set on clients as well.
send_buf                   ipadm set-prop  49152          128000       To increase the transmit buffer.
recv_buf                   ipadm set-prop  128000         1048576      To increase the receive buffer.
